svn commit: r191381 - head/crypto/openssl/crypto/asn1 releng/6.3 releng/6.3/crypto/openssl/crypto/asn1 releng/6.3/lib/libc/db/btree releng/6.3/lib/libc/db/hash releng/6.3/lib/libc/db/mpool releng/6...

Philip M. Gollucci pgollucci at p6m7g8.com
Fri Apr 24 22:28:26 UTC 2009 

I feel like it would better use svn to commit to head, stable/7, releng/7, 
stable/6, etc... seperately.

I tried to diff -rPREV or grab a patch and it didn't help much cause it had 
all the different versions in it.

Thoughts, RTFM ?


Colin Percival wrote:
> Author: cperciva
> Date: Wed Apr 22 14:07:14 2009
> New Revision: 191381
> URL: http://svn.freebsd.org/changeset/base/191381
> 
> Log:
>   Don't leak information via uninitialized space in db(3) records. [09:07]
>   
>   Sanity-check string lengths in order to stop OpenSSL crashing
>   when printing corrupt BMPString or UniversalString objects. [09:08]
>   
>   Security:	FreeBSD-SA-09:07.libc
>   Security:	FreeBSD-SA-09:08.openssl
>   Security:	CVE-2009-0590
>   Approved by:	re (kensmith)
>   Approved by:	so (cperciva)
> 
> Modified:
>   stable/7/crypto/openssl/crypto/asn1/asn1.h
>   stable/7/crypto/openssl/crypto/asn1/asn1_err.c
>   stable/7/crypto/openssl/crypto/asn1/tasn_dec.c
> 
> Changes in other areas also in this revision:
> Modified:
>   head/crypto/openssl/crypto/asn1/asn1.h
>   head/crypto/openssl/crypto/asn1/asn1_err.c
>   head/crypto/openssl/crypto/asn1/tasn_dec.c
>   releng/6.3/UPDATING
>   releng/6.3/crypto/openssl/crypto/asn1/asn1.h
>   releng/6.3/crypto/openssl/crypto/asn1/asn1_err.c
>   releng/6.3/crypto/openssl/crypto/asn1/tasn_dec.c
>   releng/6.3/lib/libc/db/btree/bt_split.c
>   releng/6.3/lib/libc/db/hash/hash_buf.c
>   releng/6.3/lib/libc/db/mpool/mpool.c
>   releng/6.3/sys/conf/newvers.sh
>   releng/6.4/UPDATING
>   releng/6.4/crypto/openssl/crypto/asn1/asn1.h
>   releng/6.4/crypto/openssl/crypto/asn1/asn1_err.c
>   releng/6.4/crypto/openssl/crypto/asn1/tasn_dec.c
>   releng/6.4/lib/libc/db/btree/bt_split.c
>   releng/6.4/lib/libc/db/hash/hash_buf.c
>   releng/6.4/lib/libc/db/mpool/mpool.c
>   releng/6.4/sys/conf/newvers.sh
>   releng/7.0/UPDATING
>   releng/7.0/crypto/openssl/crypto/asn1/asn1.h
>   releng/7.0/crypto/openssl/crypto/asn1/asn1_err.c
>   releng/7.0/crypto/openssl/crypto/asn1/tasn_dec.c
>   releng/7.0/lib/libc/db/btree/bt_split.c
>   releng/7.0/lib/libc/db/hash/hash_buf.c
>   releng/7.0/lib/libc/db/mpool/mpool.c
>   releng/7.0/sys/conf/newvers.sh
>   releng/7.1/UPDATING
>   releng/7.1/crypto/openssl/crypto/asn1/asn1.h
>   releng/7.1/crypto/openssl/crypto/asn1/asn1_err.c
>   releng/7.1/crypto/openssl/crypto/asn1/tasn_dec.c
>   releng/7.1/lib/libc/db/btree/bt_split.c
>   releng/7.1/lib/libc/db/hash/hash_buf.c
>   releng/7.1/lib/libc/db/mpool/mpool.c
>   releng/7.1/sys/conf/newvers.sh
>   releng/7.2/UPDATING
>   releng/7.2/crypto/openssl/crypto/asn1/asn1.h
>   releng/7.2/crypto/openssl/crypto/asn1/asn1_err.c
>   releng/7.2/crypto/openssl/crypto/asn1/tasn_dec.c
>   stable/6/crypto/openssl/crypto/asn1/asn1.h
>   stable/6/crypto/openssl/crypto/asn1/asn1_err.c
>   stable/6/crypto/openssl/crypto/asn1/tasn_dec.c
> 
> Modified: stable/7/crypto/openssl/crypto/asn1/asn1.h
> ==============================================================================
> --- stable/7/crypto/openssl/crypto/asn1/asn1.h	Wed Apr 22 13:31:52 2009	(r191380)
> +++ stable/7/crypto/openssl/crypto/asn1/asn1.h	Wed Apr 22 14:07:14 2009	(r191381)
> @@ -1134,6 +1134,7 @@ void ERR_load_ASN1_strings(void);
>  #define ASN1_R_BAD_OBJECT_HEADER			 102
>  #define ASN1_R_BAD_PASSWORD_READ			 103
>  #define ASN1_R_BAD_TAG					 104
> +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
>  #define ASN1_R_BN_LIB					 105
>  #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
>  #define ASN1_R_BUFFER_TOO_SMALL				 107
> @@ -1213,6 +1214,7 @@ void ERR_load_ASN1_strings(void);
>  #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
>  #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
>  #define ASN1_R_UNEXPECTED_EOC				 159
> +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
>  #define ASN1_R_UNKNOWN_FORMAT				 160
>  #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
>  #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
> 
> Modified: stable/7/crypto/openssl/crypto/asn1/asn1_err.c
> ==============================================================================
> --- stable/7/crypto/openssl/crypto/asn1/asn1_err.c	Wed Apr 22 13:31:52 2009	(r191380)
> +++ stable/7/crypto/openssl/crypto/asn1/asn1_err.c	Wed Apr 22 14:07:14 2009	(r191381)
> @@ -188,6 +188,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
>  {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
>  {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
>  {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
> +{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
>  {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
>  {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
>  {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
> @@ -267,6 +268,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
>  {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
>  {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
>  {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
> +{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
>  {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
>  {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
>  {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
> 
> Modified: stable/7/crypto/openssl/crypto/asn1/tasn_dec.c
> ==============================================================================
> --- stable/7/crypto/openssl/crypto/asn1/tasn_dec.c	Wed Apr 22 13:31:52 2009	(r191380)
> +++ stable/7/crypto/openssl/crypto/asn1/tasn_dec.c	Wed Apr 22 14:07:14 2009	(r191381)
> @@ -1012,6 +1012,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
>  		case V_ASN1_SET:
>  		case V_ASN1_SEQUENCE:
>  		default:
> +		if (utype == V_ASN1_BMPSTRING && (len & 1))
> +			{
> +			ASN1err(ASN1_F_ASN1_EX_C2I,
> +					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
> +			goto err;
> +			}
> +		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
> +			{
> +			ASN1err(ASN1_F_ASN1_EX_C2I,
> +					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
> +			goto err;
> +			}
>  		/* All based on ASN1_STRING and handled the same */
>  		if (!*pval)
>  			{
> _______________________________________________
> svn-src-all at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"


-- 
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
Consultant          - P6M7G8 Inc.                http://p6m7g8.net
Senior Sys Admin    - RideCharge, Inc.           http://ridecharge.com
Contractor          - PositiveEnergyUSA          http://positiveenergyusa.com
ASF Member          - Apache Software Foundation http://apache.org
FreeBSD Committer   - FreeBSD Foundation         http://freebsd.org

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

More information about the svn-src-all mailing list